Internal user password hashing

Accepted Solution Solved
Reply
New Contributor
Posts: 3
Accepted Solution

Internal user password hashing

Hi guys,

is anybody able to tell me the algorithm SAS uses to hash passwords for internal users?

Here is the picture…

I need to create a tool for automatic user creation. I would use SAS MDU macros, however the users I have to create do need an internal account. This is why I went for the java way: I do create a person, I do create the internalUser, and I finally bind them:

http://support.sas.com/rnd/javadoc/94/metadata/com/sas/metadata/remote/InternalLogin.html

However, internalUser needs a passwordHash set. Obviously , I usually have salt and password, and this is why I’d need to know how to join them in order to get the salted hash. Javadoc doesn’t seem to answer this question.

By checking the metadata through metabrowse facility, it really really looks similar to a base 64 encoding. I already tried base64(salt+hash) and many similar combinations, but it didn’t seem to work. I tried md5 as well, but I’m just guessing. Any clues?

Thank you all

Mike


Accepted Solutions
Solution
‎02-26-2015 01:35 PM
New Contributor
Posts: 3

Re: Internal user password hashing

I’d like to say thank you to SAS Italian Support who gave the correct answer.

As long as we do not know the way SAS encrypts passwords, we can use a different interface to do that.

Here you can find the documentation:

http://support.sas.com/documentation/cdl/en/omaref/63063/PDF/default/omaref.pdf

And here it is some sample code:


MdFactoryImpl _factory = new MdFactoryImpl(false);

MdObjectStore objectStore = _factory.createObjectStore();

Person person = (Person) _factory.createComplexMetadataObject(objectStore, "mike", MetadataObjects.PERSON, shortReposID);

/* Won’t work, for we do not know the way SAS will encrypt password */

InternalLogin internalLogin = (InternalLogin) _factory.createComplexMetadataObject(objectStore, "InternalLogin_Object", MetadataObjects.INTERNALLOGIN, shortReposID);

internalLogin.setSalt(salt);

internalLogin.setPasswordHash("?????????????");

person.setInternalLoginInfo(internalLogin);

/*   */

/* This will work instead */

MdOMRConnection connection = _factory.getConnection();

ISecurity_1_1 is = connection.MakeISecurityConnection();

is.SetInternalPassword("mike", "SASpw1");

/*   */


person.updateMetadataAll();

Thank you all.

View solution in original post


All Replies
Trusted Advisor
Posts: 3,214

Re: Internal user password hashing

looks to be a part of the metadata model (DATA) SAS(R) 9.2 Metadata Model: Reference (InternalLogin )

---->-- ja karman --<-----
New Contributor
Posts: 3

Re: Internal user password hashing

Exactly Jaap,

both salt and passwordHash are attributes of the internalLogin metadata object.

However, when you create a new user, you usually have a name and a password, so you have to calculate the hash.

I assume there is some kind of java utility method to do that. Knowing the procedure would do as well.

If not, there is no way you can create an internalLogin from scratch.

Trusted Advisor
Posts: 3,214

Re: Internal user password hashing

The hash is generated with the salt and password. To be able to generate the same hash the salt is needed. 
So the logic would be generate salt- store salt generate hash with password store hash.

Going in the reverse mode you would get the salt   get (trial/input) password   verify hash.

As external logins must be decrypted there is a method to get the original password for those.

Getting in between the external connection in the internal process it should be rather easy to retrieve those.

Until now I have seen them being mixed up within the metadata structure. It could be a way to hack internal login by that way. 

---->-- ja karman --<-----
Solution
‎02-26-2015 01:35 PM
New Contributor
Posts: 3

Re: Internal user password hashing

I’d like to say thank you to SAS Italian Support who gave the correct answer.

As long as we do not know the way SAS encrypts passwords, we can use a different interface to do that.

Here you can find the documentation:

http://support.sas.com/documentation/cdl/en/omaref/63063/PDF/default/omaref.pdf

And here it is some sample code:


MdFactoryImpl _factory = new MdFactoryImpl(false);

MdObjectStore objectStore = _factory.createObjectStore();

Person person = (Person) _factory.createComplexMetadataObject(objectStore, "mike", MetadataObjects.PERSON, shortReposID);

/* Won’t work, for we do not know the way SAS will encrypt password */

InternalLogin internalLogin = (InternalLogin) _factory.createComplexMetadataObject(objectStore, "InternalLogin_Object", MetadataObjects.INTERNALLOGIN, shortReposID);

internalLogin.setSalt(salt);

internalLogin.setPasswordHash("?????????????");

person.setInternalLoginInfo(internalLogin);

/*   */

/* This will work instead */

MdOMRConnection connection = _factory.getConnection();

ISecurity_1_1 is = connection.MakeISecurityConnection();

is.SetInternalPassword("mike", "SASpw1");

/*   */


person.updateMetadataAll();

Thank you all.

🔒 This topic is solved and locked.

Need further help from the community? Please ask a new question.

Discussion stats
  • 4 replies
  • 581 views
  • 1 like
  • 2 in conversation